Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2022/04/05 18:57:00 UTC

[jira] [Commented] (SSHD-1255) Support host key update and rotation in the client

    [ https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517648#comment-17517648 ] 

Thomas Wolf commented on SSHD-1255:
-----------------------------------

The point is that the client side handler is empty. It doesn't send back the prove challenge message to the server, nor does it handle the reply to that.

This is a must do. I wouldn't want to add unproven keys to the known_hosts file.

Note that the challenge message must be sent asynchronously; global request is synchronous, but we're already handling a global request and are holding the sessionLock. Ideally I'd like to have a way to fire off the global request for that prove challenge, passing a FutureTask that gets automatically invoked (possibly in a different thread) when the reply is received. This needs a rewrite of the global request handling first to do it properly.

Users can already install their own ServerKeyVerifier. I see no reason why that should change.

> Support host key update and rotation in the client
> --------------------------------------------------
>
>                 Key: SSHD-1255
>                 URL: https://issues.apache.org/jira/browse/SSHD-1255
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.8.0
>            Reporter: Thomas Wolf
>            Priority: Major
>
> Add support for the {{hostkeys-00@openssh.com}} and {{hostkeys-prove-00@openssh.com}} KEX extensions, including updating {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
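The client-side prove step the comment says is missing, as an added Go sketch (not MINA SSHD code; the project itself is Java): it builds the bytes each hostkeys-prove-00@openssh.com signature covers, models the server signing them, and keeps only keys whose proof verifies for this session. Raw Ed25519 public keys standing in for SSH key blobs and the session id literal are constructed simplifications.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// sshString encodes an RFC 4251 "string": uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}
// proveData is what each hostkeys-prove-00@openssh.com signature covers (per OpenSSH PROTOCOL):
// string "hostkeys-prove-00@openssh.com", string session-id, string hostkey. The session id ties the proof to this connection.
func proveData(sessionID, hostKey []byte) []byte {
	d := sshString([]byte("hostkeys-prove-00@openssh.com"))
	return append(append(d, sshString(sessionID)...), sshString(hostKey)...)
}
// serverProve models the server's reply: it signs each requested key it holds and skips any it does not.
func serverProve(sessionID []byte, keys map[string]ed25519.PrivateKey, requested [][]byte) [][]byte {
	var sigs [][]byte
	for _, k := range requested {
		if priv, ok := keys[string(k)]; ok {
			sigs = append(sigs, ed25519.Sign(priv, proveData(sessionID, k)))
		}
	}
	return sigs
}
// clientVerifyProofs is the client-side check: only keys whose signature verifies for this session come back, and only those may reach known_hosts.
func clientVerifyProofs(sessionID []byte, requested, sigs [][]byte) [][]byte {
	if len(sigs) != len(requested) {
		return nil // incomplete or malformed reply: every key stays unproven
	}
	var proven [][]byte
	for i, k := range requested {
		if len(k) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(k), proveData(sessionID, k), sigs[i]) {
			proven = append(proven, k)
		}
	}
	return proven
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair, not a real host's
	sid := []byte("constructed-session-id")  // stands in for the real exchange hash
	sigs := serverProve(sid, map[string]ed25519.PrivateKey{string(pub): priv}, [][]byte{pub})
	fmt.Println("proven keys:", len(clientVerifyProofs(sid, [][]byte{pub}, sigs)))
}
```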
